Source: qemu Version: 1:2.8+dfsg-6 Severity: normal Tags: upstream security
Hi, the following vulnerability was published for qemu. CVE-2017-9503[0]: | QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host | Bus Adapter emulation support, allows local guest OS privileged users | to cause a denial of service (NULL pointer dereference and QEMU | process crash) via vectors involving megasas command processing. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-9503 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9503 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1459477 [2] https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9503.html [3] https://bugzilla.novell.com/show_bug.cgi?id=1043296 Please adjust the affected versions in the BTS as needed. Quickly checked only the stretch (and sid) version, but not jessie. If affected this would still rather be no-dsa. Regards, Salvatore